Nikolai Kondrashov [Tue, 21 Oct 2014 15:30:05 +0000 (18:30 +0300)]
Add --disable-openssl-version-check option
Add "--disable-openssl-version-check" configure option, which removes
checking for vulnerable OpenSSL versions. It is supposed to be used by
downstream packagers and distributions who have other means to ensure
vulnerabilities are fixed, such as versioned package dependencies and
vulnerability handling processes.
This avoids the necessity of editing radiusd.conf on package upgrade to
make sure it keeps working. At the same time, it provides a safe default
to those installing FreeRADIUS from source.
Arran Cudbard-Bell [Thu, 23 Oct 2014 21:50:29 +0000 (17:50 -0400)]
Add missing param
Arran Cudbard-Bell [Thu, 23 Oct 2014 17:16:27 +0000 (13:16 -0400)]
Minor wording tweaks and doxygen fixes
Arran Cudbard-Bell [Thu, 23 Oct 2014 17:13:51 +0000 (13:13 -0400)]
Rename redback dictionary to ericsson.ab
Alan T. DeKok [Thu, 23 Oct 2014 15:06:12 +0000 (11:06 -0400)]
More debugging messages
Alan T. DeKok [Thu, 23 Oct 2014 15:05:37 +0000 (11:05 -0400)]
Decode Starent attributes properly
Arran Cudbard-Bell [Wed, 22 Oct 2014 23:40:28 +0000 (19:40 -0400)]
Add .plist for osx
Arran Cudbard-Bell [Wed, 22 Oct 2014 04:47:31 +0000 (00:47 -0400)]
TYPO
Arran Cudbard-Bell [Wed, 22 Oct 2014 03:46:07 +0000 (23:46 -0400)]
Seems to still work, and shuts doxygen up
Arran Cudbard-Bell [Wed, 22 Oct 2014 03:34:48 +0000 (23:34 -0400)]
More minor doxygen fixes
Arran Cudbard-Bell [Wed, 22 Oct 2014 03:14:37 +0000 (23:14 -0400)]
Doxygen fixups
Aaron Hurt [Tue, 21 Oct 2014 20:37:50 +0000 (15:37 -0500)]
correct example view and change strn* functions to use the strl* counterparts
Aaron Hurt [Wed, 15 Oct 2014 00:14:27 +0000 (19:14 -0500)]
Implement requested dynamic client capabilities.
* Implement a request to support loading clients from Couchbase documents.
* Handles nested sections using new rlm_ldap code as an example.
* Complete Doxygen comments for all module structures and functions.
Alan T. DeKok [Tue, 21 Oct 2014 19:45:30 +0000 (15:45 -0400)]
The delimiter can be \\, too
Alan T. DeKok [Tue, 21 Oct 2014 19:43:10 +0000 (15:43 -0400)]
Fix typo @rm --> rm
Alan T. DeKok [Tue, 21 Oct 2014 19:00:08 +0000 (15:00 -0400)]
Document new "correct_escapes" config item
And switch examples to using it.
Alan T. DeKok [Tue, 21 Oct 2014 18:59:30 +0000 (14:59 -0400)]
Allow section name2 to be parsed with correct escapes
Mainly for regexes in realms. But also for "switch"
and "case" statements
Alan T. DeKok [Tue, 21 Oct 2014 15:12:38 +0000 (11:12 -0400)]
Use new escapes, and update tests
Alan T. DeKok [Tue, 21 Oct 2014 15:11:33 +0000 (11:11 -0400)]
Hacks to allow "correct_escapes"
We have to set it BEFORE we parse the rest of the config files,
which means we can't do it in a CONF_PARSERS.
So... it's a hack. But an efficient one.
Alan T. DeKok [Tue, 21 Oct 2014 14:30:59 +0000 (10:30 -0400)]
Use new escape when compiling "update" sections
Alan T. DeKok [Tue, 21 Oct 2014 14:30:33 +0000 (10:30 -0400)]
Use new escape variable in conditional parser
Alan T. DeKok [Tue, 21 Oct 2014 14:30:20 +0000 (10:30 -0400)]
Allow for new escaping rules via a global variable
Alan T. DeKok [Tue, 21 Oct 2014 14:19:57 +0000 (10:19 -0400)]
If we're not escaping, pass \ straight thru
Alan T. DeKok [Mon, 20 Oct 2014 19:47:05 +0000 (15:47 -0400)]
Remove extra debugging statement
Alan T. DeKok [Mon, 20 Oct 2014 19:28:16 +0000 (15:28 -0400)]
More eval debug messages
Arran Cudbard-Bell [Mon, 20 Oct 2014 22:06:41 +0000 (18:06 -0400)]
Stupid doxygen
Arran Cudbard-Bell [Mon, 20 Oct 2014 22:02:03 +0000 (18:02 -0400)]
Doxygen
Arran Cudbard-Bell [Mon, 20 Oct 2014 21:57:16 +0000 (17:57 -0400)]
Fixup LDAP clients so nested sections are processed too
Arran Cudbard-Bell [Sun, 19 Oct 2014 23:05:08 +0000 (19:05 -0400)]
Doxygen
Arran Cudbard-Bell [Sun, 19 Oct 2014 22:54:36 +0000 (18:54 -0400)]
Modify map_afrom_cs to take a validation callback to verify and fixup maps
This makes the code much easier to follow, removes a bunch of duplicated validation code,
and avoids duplicating map_afrom_cs for any modules that have different validation rules.
Arran Cudbard-Bell [Sun, 19 Oct 2014 22:52:43 +0000 (18:52 -0400)]
Convert some log messages in map_afrom_cp to use the cp not the ci
Alan T. DeKok [Sun, 19 Oct 2014 14:05:22 +0000 (10:05 -0400)]
Force dst_ipaddr to be initialized. Closes CID #1248167
Alan T. DeKok [Sun, 19 Oct 2014 14:03:27 +0000 (10:03 -0400)]
Initialize 63 entry, too. Closes CID #1248166
Arran Cudbard-Bell [Sun, 19 Oct 2014 01:32:43 +0000 (21:32 -0400)]
rm \n
Arran Cudbard-Bell [Sun, 19 Oct 2014 01:31:36 +0000 (21:31 -0400)]
Perform substitutions for #undef autoconf macros in missing.h
Arran Cudbard-Bell [Sat, 18 Oct 2014 22:42:18 +0000 (18:42 -0400)]
fix missing.h substitutions to end matches at end of line (so HTON_LLL doesn't get substituted with the value for HTON_LL)
Arran Cudbard-Bell [Sat, 18 Oct 2014 22:04:55 +0000 (18:04 -0400)]
HAVE_HTONLL not HAVE_HTON_LL (Fix build for Yosemite)
Arran Cudbard-Bell [Sat, 18 Oct 2014 17:42:26 +0000 (13:42 -0400)]
Need to merge suboptions list, not insert the head of it, closes #812
Herwin Weststrate [Fri, 17 Oct 2014 17:49:23 +0000 (19:49 +0200)]
Fixed check in pairvalidate
The only commit in this series that actually changes some behaviour. The test was supposed to check if one of the values (match and check) was false, while the other was true. Because the while loop already validated that at least one of them is true, we can get the desired behaviour by just checking if one of them is false. The old behaviour only tested to see if match was false.
This code is not tested in the unit tests. It would be nice to have it in there, but I've got no idea how to write that.
This fixes the following message of cppcheck:
[src/lib/valuepair.c:547]: (style) Same expression on both sides of '||'.
Herwin Weststrate [Fri, 17 Oct 2014 17:34:52 +0000 (19:34 +0200)]
Use *= 2 instead of += $self for doubling
The generated code is slightly more efficient too (unless you consider compiler optimizations)
This fixes the following message of cppcheck:
[src/modules/rlm_unbound/rlm_unbound.c:157]: (style) Same expression on both sides of '+='.
Herwin Weststrate [Fri, 17 Oct 2014 17:26:52 +0000 (19:26 +0200)]
Dereference query pointers before checking to see if they're empty
This effectively did a check to see if the pointer was NULL, exactly what we did in the LHS of the and operator.
This fixes the following messages of cppcheck:
[src/modules/rlm_sql/rlm_sql.c:638]: (warning) Char literal compared with pointer 'inst.config.authorize_group_check_query'. Did you intend to dereference it?
[src/modules/rlm_sql/rlm_sql.c:675]: (warning) Char literal compared with pointer 'inst.config.authorize_group_reply_query'. Did you intend to dereference it?
Herwin Weststrate [Fri, 17 Oct 2014 17:16:34 +0000 (19:16 +0200)]
Removed assignment of function parameter at the end of function
This fixes the following message of cppcheck:
[src/main/tmpl.c:826]: (warning) Assignment of function parameter has no effect outside the function.
Herwin Weststrate [Fri, 17 Oct 2014 17:04:12 +0000 (19:04 +0200)]
Removed some unused variables
This fixes the following messages of cppcheck:
[src/modules/rlm_sql/drivers/rlm_sql_freetds/rlm_sql_freetds.c:290]: (style) Variable 'ret' is assigned a value that is never used.
[src/modules/rlm_sql/drivers/rlm_sql_freetds/rlm_sql_freetds.c:492]: (style) Variable 'ret' is assigned a value that is never used.
[src/modules/rlm_sql/drivers/rlm_sql_freetds/rlm_sql_freetds.c:573]: (style) Variable 'ret' is assigned a value that is never used.
[src/modules/rlm_passwd/rlm_passwd.c:284]: (style) Variable 'len' is assigned a value that is never used.
Herwin Weststrate [Fri, 17 Oct 2014 16:51:09 +0000 (18:51 +0200)]
Use %u in sprintf when printing unsigned integers
This fixes the following messages of cppcheck:
[src/modules/rlm_eap/libeap/eapcrypto.c:108]: (warning) %d in format string (no. 1) requires 'int' but the argument type is 'unsigned int'.
[src/modules/rlm_eap/libeap/eapcrypto.c:119]: (warning) %d in format string (no. 1) requires 'int' but the argument type is 'unsigned int'.
[src/modules/rlm_eap/libeap/eapcrypto.c:126]: (warning) %d in format string (no. 1) requires 'int' but the argument type is 'unsigned int'.
[src/modules/rlm_eap/libeap/eapcrypto.c:133]: (warning) %d in format string (no. 1) requires 'int' but the argument type is 'unsigned int'.
[src/modules/rlm_detail/rlm_detail.c:236]: (warning) %d in format string (no. 1) requires 'int' but the argument type is 'unsigned int'.
Arran Cudbard-Bell [Thu, 16 Oct 2014 15:51:57 +0000 (11:51 -0400)]
Decode status nibble
Arran Cudbard-Bell [Thu, 16 Oct 2014 15:16:57 +0000 (11:16 -0400)]
Fix OpenSSL version check issues
Arran Cudbard-Bell [Mon, 13 Oct 2014 20:01:32 +0000 (16:01 -0400)]
Gotta catch em all (SIGILL)
Alan T. DeKok [Thu, 16 Oct 2014 11:53:23 +0000 (07:53 -0400)]
doxygen
Nikolai Kondrashov [Thu, 16 Oct 2014 10:59:51 +0000 (13:59 +0300)]
raddb: Use appropriate module names in traps
Specify appropriate module names for all module traps in trigger.conf,
instead of using "ldap" for all.
Nikolai Kondrashov [Thu, 16 Oct 2014 10:48:32 +0000 (13:48 +0300)]
raddb: Remove extra apostrophe from trigger.conf
Remove a spurious apostrophe from trigger.conf's trigger.modules.args.
This fixes module triggers, otherwise producing this error:
rad_expand_xlat: Invalid string passed as argument
Nikolai Kondrashov [Wed, 15 Oct 2014 17:03:11 +0000 (20:03 +0300)]
exec: Don't assume request presence when logging
Use DEBUG* macros for logging, instead of RDEBUG* macros in
radius_start_program and radius_readfrom_program as these are not
guaranteed to be invoked with a valid request.
For example, not from most of the exec_trigger invocations.
Alan T. DeKok [Tue, 14 Oct 2014 16:36:37 +0000 (12:36 -0400)]
Assign cp
Alan T. DeKok [Tue, 14 Oct 2014 15:06:19 +0000 (11:06 -0400)]
Fix error message
Alan T. DeKok [Tue, 14 Oct 2014 13:57:26 +0000 (09:57 -0400)]
My attempt to fix ldap:
reply: += 'ldapAttrName'
It should work, but it's untested
Alan T. DeKok [Tue, 14 Oct 2014 13:07:45 +0000 (09:07 -0400)]
Clearer error messages
Alan T. DeKok [Tue, 14 Oct 2014 13:07:27 +0000 (09:07 -0400)]
If we're using basedn in a section, be sure it exists
Alan T. DeKok [Sat, 11 Oct 2014 17:04:56 +0000 (13:04 -0400)]
Don't duplicate code
Alan T. DeKok [Sat, 11 Oct 2014 17:01:23 +0000 (13:01 -0400)]
Clean up sanitize function
Alan T. DeKok [Sat, 11 Oct 2014 16:58:13 +0000 (12:58 -0400)]
Remove realm_home_server_add()
It's not needed
Arran Cudbard-Bell [Mon, 13 Oct 2014 14:38:32 +0000 (10:38 -0400)]
dn needs wider scope
Arran Cudbard-Bell [Mon, 13 Oct 2014 14:37:14 +0000 (10:37 -0400)]
Fixup LDAP client config
Arran Cudbard-Bell [Mon, 13 Oct 2014 14:25:11 +0000 (10:25 -0400)]
Doxygen
Arran Cudbard-Bell [Mon, 13 Oct 2014 14:18:20 +0000 (10:18 -0400)]
Allow arbitrary attributes for LDAP clients
Arran Cudbard-Bell [Mon, 13 Oct 2014 13:48:36 +0000 (09:48 -0400)]
Formatting
Arran Cudbard-Bell [Fri, 10 Oct 2014 20:17:25 +0000 (16:17 -0400)]
Move some functions around in clients.c and expose client_afrom_cs so it can be used to parse dynamically generated client sections
Alan T. DeKok [Sat, 11 Oct 2014 13:13:28 +0000 (09:13 -0400)]
Fix typo
Alan T. DeKok [Sat, 11 Oct 2014 13:00:58 +0000 (09:00 -0400)]
Document 'track = yes' in the correct place
Alan T. DeKok [Fri, 10 Oct 2014 19:51:03 +0000 (15:51 -0400)]
Note recent changes
Alan T. DeKok [Fri, 10 Oct 2014 19:44:06 +0000 (15:44 -0400)]
Fix compiler warning
Alan T. DeKok [Fri, 10 Oct 2014 19:38:41 +0000 (15:38 -0400)]
Allow CoA packets to be proxied via Packet-Dst-IP-Address
Alan T. DeKok [Fri, 10 Oct 2014 19:08:14 +0000 (15:08 -0400)]
Allow CoA packets to be read from the detail file
Alan T. DeKok [Fri, 10 Oct 2014 19:06:35 +0000 (15:06 -0400)]
Expose rad_coa_recv
Alan T. DeKok [Fri, 10 Oct 2014 19:04:12 +0000 (15:04 -0400)]
Set packet->code from Packet-Type in detail file
but still force everything to be accounting packets.
We'll need a separate rad_coa() function to handle reading
coa packets from the detail file reader
Alan T. DeKok [Fri, 10 Oct 2014 18:58:03 +0000 (14:58 -0400)]
Add tracking when reading detail files.
So that we process each packet once, and only once
Alan T. DeKok [Fri, 10 Oct 2014 18:48:31 +0000 (14:48 -0400)]
Write timestamps even in non-compat mode
Arran Cudbard-Bell [Fri, 10 Oct 2014 02:12:33 +0000 (22:12 -0400)]
Rename vpt_types to tmpl_types
Arran Cudbard-Bell [Thu, 9 Oct 2014 19:01:06 +0000 (15:01 -0400)]
cf_item_add defined too many times...
Arran Cudbard-Bell [Thu, 9 Oct 2014 18:18:29 +0000 (14:18 -0400)]
Support adding arbitrary attributes for dynamic clients
Arran Cudbard-Bell [Thu, 9 Oct 2014 14:53:43 +0000 (10:53 -0400)]
Expose cf_item_add and cf_pair_alloc
Arran Cudbard-Bell [Thu, 9 Oct 2014 14:51:04 +0000 (10:51 -0400)]
Still need the loop
Arran Cudbard-Bell [Thu, 9 Oct 2014 14:32:01 +0000 (10:32 -0400)]
Adding the same VP twice is bad mm'k Fixes #809
Arran Cudbard-Bell [Thu, 9 Oct 2014 14:26:43 +0000 (10:26 -0400)]
Typo
Alan T. DeKok [Thu, 9 Oct 2014 14:16:28 +0000 (10:16 -0400)]
Note recent changes
Alan DeKok [Thu, 9 Oct 2014 14:16:15 +0000 (10:16 -0400)]
Merge pull request #809 from Feh/pairadd-ignore-dups
pairadd: Don't add a VP if it's already present
Arran Cudbard-Bell [Thu, 9 Oct 2014 11:17:44 +0000 (07:17 -0400)]
More verbose error messages about VALUE_PAIRs with bad dictionary entries
Julius Plenz [Thu, 9 Oct 2014 10:48:37 +0000 (12:48 +0200)]
pairadd: Don't add a VP if it's already present
In the 3.0 code base, pairmake() will already do a pairadd()
automatically. If an old code base (e.g. modules originally written for
FreeRADIUS 2.x) uses pairmake() and then pairadd() explicitly, this will
add the VP *twice*, thus creating a cyclic list structure, e.g.:
A->next == B;
B->next == B;
B->next == B;
B->next == B;
...
This makes any function that walks all value pairs end up eating 100%
CPU.
Since VPs are added at the end of the list, we can simply stop
traversing the list and return silently in case the VP is already
present.
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
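The double-add failure described in the commit message above, as an added C example that is not code from FreeRADIUS. `struct node`, `append_unchecked`, `append_checked` and `has_cycle` are hypothetical names; the cycle check uses Floyd's tortoise-and-hare so that it terminates even on a corrupted list.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a value-pair list node (not the FreeRADIUS VALUE_PAIR). */
struct node { int id; struct node *next; };

/* Pre-fix behaviour: walk to the tail and link the node unconditionally. */
static void append_unchecked(struct node **head, struct node *n)
{
    struct node *i;
    if (!*head) { *head = n; return; }
    for (i = *head; i->next; i = i->next)
        ;
    i->next = n;              /* if n is already the tail: n->next = n */
}

/* Behaviour the commit describes: return silently if n is met during the walk. */
static void append_checked(struct node **head, struct node *n)
{
    struct node *i;
    if (!*head) { *head = n; return; }
    for (i = *head; ; i = i->next) {
        if (i == n) return;   /* already present, adding again would loop */
        if (!i->next) break;
    }
    i->next = n;
}

/* Floyd cycle detection: safe to run on a list that may be cyclic. */
static int has_cycle(const struct node *head)
{
    const struct node *slow = head, *fast = head;
    while (fast && fast->next) {
        slow = slow->next;
        fast = fast->next->next;
        if (slow == fast) return 1;
    }
    return 0;
}

/* Build A -> B, then add B a second time (the make-then-add pattern). */
static int double_add_creates_cycle(void (*append)(struct node **, struct node *))
{
    struct node a = { 1, NULL }, b = { 2, NULL }, *head = NULL;
    append(&head, &a);
    append(&head, &b);
    append(&head, &b);
    return has_cycle(head);
}

int main(void)
{
    printf("unchecked: cycle=%d\n", double_add_creates_cycle(append_unchecked));
    printf("checked:   cycle=%d\n", double_add_creates_cycle(append_checked));
    return 0;
}
```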
Arran Cudbard-Bell [Wed, 8 Oct 2014 17:54:32 +0000 (18:54 +0100)]
Formatting
Arran Cudbard-Bell [Wed, 8 Oct 2014 17:54:02 +0000 (18:54 +0100)]
Better error message for invalid LHS
Alan T. DeKok [Wed, 8 Oct 2014 20:31:00 +0000 (16:31 -0400)]
Fixes for detail file reader
Alan T. DeKok [Wed, 8 Oct 2014 19:24:51 +0000 (15:24 -0400)]
Clean up debug message
Alan T. DeKok [Wed, 8 Oct 2014 19:18:21 +0000 (15:18 -0400)]
Don't send packets with code 0
Alan T. DeKok [Wed, 8 Oct 2014 19:00:12 +0000 (15:00 -0400)]
Fix assertion to only check for TCP sockets
Kevin Wasserman [Mon, 22 Sep 2014 20:31:09 +0000 (16:31 -0400)]
Fix TRUSTROUTER -> TRUST_ROUTER
Arran Cudbard-Bell [Tue, 7 Oct 2014 21:48:42 +0000 (22:48 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Tue, 7 Oct 2014 21:42:25 +0000 (22:42 +0100)]
Correct fix for #808
Herwin Weststrate [Tue, 7 Oct 2014 15:59:54 +0000 (17:59 +0200)]
Prevent assert(0) in rlm_rest
If the RADIUS server is compiled without JSON support, it is still possible that the other end of the rlm_rest module returns JSON. This triggered an "assert(0)" and crashed the server. This fixes this by printing an error message to indicate that the reply of the REST server couldn't be parsed, and failing the module gracefully.
Alan T. DeKok [Tue, 7 Oct 2014 20:27:39 +0000 (16:27 -0400)]
Even when there's no response, poke the detail file reader
So that it retransmits.
Alan T. DeKok [Tue, 7 Oct 2014 17:02:21 +0000 (13:02 -0400)]
Handle failures for internally proxied requests.
If there's no reply, deal with that case, rather than
assuming that everything's OK
Alan T. DeKok [Tue, 7 Oct 2014 16:01:46 +0000 (12:01 -0400)]
Don't check synchronous / nodup for detail sockets
Alan T. DeKok [Tue, 7 Oct 2014 15:53:13 +0000 (11:53 -0400)]
Use correct definition